Configuring Keycloak for Production Use
Keycloak ships with an H2 database by default so that it can be used without further configuration. However, the H2 database is not suitable for production use due to security issues and limited scalability.
To operate Keycloak securely in production, configure the following beforehand:
Transport Layer Security (TLS)
Host name
Reverse proxy/load balancer component
SQL database
Note:
For more information on attaching databases to Keycloak, see the official Keycloak documentation (https://www.keycloak.org):
Connecting an alternative database to Keycloak for production use: https://www.keycloak.org/server/configuration-production (Guides > Server > Configuring Keycloak for Production)
Connecting databases to Keycloak: https://www.keycloak.org/server/db (Guides > Server > Configuring the Database)
Note:
Please keep in mind that the settings vary depending on the type of database.
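As an added example (not part of the original documentation), the following Python check reads a keycloak.conf and reports which of the four prerequisites listed above are still missing. It assumes the option names of the current Keycloak distribution (db, https-certificate-file, https-certificate-key-file, https-key-store-file, hostname, proxy-headers or the older proxy) and a deployment behind a reverse proxy; the function names, host names and paths are constructed placeholders.

```python
# Added example: pre-flight check of keycloak.conf for the four items listed above.
H2_VENDORS = {"dev-file", "dev-mem"}  # Keycloak's built-in H2 database modes


def parse_conf(text):
    """Parse key=value lines of a keycloak.conf; '#' starts a comment line."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def production_findings(text):
    """Return a list of findings; an empty list means all four items are set."""
    conf = parse_conf(text)
    findings = []
    # SQL database: an unset 'db' falls back to the H2 default (dev-file).
    if conf.get("db", "dev-file") in H2_VENDORS:
        findings.append("db: H2 in use, configure an external SQL database")
    # TLS: either a PEM certificate/key pair or a keystore must be present.
    pem = conf.get("https-certificate-file") and conf.get("https-certificate-key-file")
    if not (pem or conf.get("https-key-store-file")):
        findings.append("tls: no certificate/key pair or keystore configured")
    # Host name: the public name clients use to reach Keycloak.
    if not conf.get("hostname"):
        findings.append("hostname: not set")
    # Reverse proxy: 'proxy-headers' (newer releases) or 'proxy' (older ones).
    if not (conf.get("proxy-headers") or conf.get("proxy")):
        findings.append("proxy: no reverse proxy header handling configured")
    return findings


# Constructed sample files (placeholder host names and paths).
DEFAULT_CONF = "# untouched installation\n"
HARDENED_CONF = """\
db=postgres
db-url=jdbc:postgresql://db.example.internal:5432/keycloak
https-certificate-file=/path/to/server.crt.pem
https-certificate-key-file=/path/to/server.key.pem
hostname=sso.example.com
proxy-headers=xforwarded
"""

if __name__ == "__main__":
    print(production_findings(DEFAULT_CONF), production_findings(HARDENED_CONF))
```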
To set up an alternative database with Keycloak, you must import the standard Keycloak realm X4Realm and the users.
To do so, use the scripts contained in the <server_directory>\keycloak\data\import folder:
X4Realm-realm.json
X4Realm-users-0.json
Both scripts can be imported via an include mechanism described in the official Keycloak documentation: https://www.keycloak.org/server/importExport (Guides > Server > Importing and Exporting Realms).
Please note the following:
The import takes place in two logical steps: the X4Realm-realm.json script creates the user service-account-x4, and the X4Realm-users-0.json script then assigns specific rights and permissions to that user.
To allow this extension of the user configuration, select the Overwrite option during import. This ensures that the existing account is extended with the required rights.